Concourse CI
A Terraform module for deploying Concourse CI.
Prerequisites
- Use Packer to create an AMI with Concourse (and related tooling installed) installed:
# From the project root, using task:
task ami- Generate key pairs for Concourse:
# Create folder
mkdir -p keys
ssh-keygen -t rsa -f ./keys/tsa_host_key -N ''
ssh-keygen -t rsa -f ./keys/worker_key -N ''
ssh-keygen -t rsa -f ./keys/session_signing_key -N ''
# Authorized workers
cp ./keys/worker_key.pub ./keys/authorized_worker_keysRequired for HTTPS
Route53 hosted zone, domain and ACM certificate.
Required for Github authentication
Github Oauth application, with an encrypted password:
aws kms encrypt \
--key-id <aws-kms-key-id> \
--plaintext <github-client-secret> \
--output text \
--query CiphertextBlob \
--profile defaultOr you can add it to SSM Parameter store/Secrets Manager and aws-env will populate the environment at runtime:
module "concourse_atc" {
# ... other configuration
github_client_id = "sm:///concourse-deployment/github-oauth-client-id"
github_client_secret = "sm:///concourse-deployment/github-oauth-client-secret"
}By default the ATC will have permissions to read secrets from /concourse-deployment/* in secrets manager (in addition to /concourse/* for the secrets backend).
Usage
See example. If you want to learn more about how to use Concourse, check out the official documentation.
Related projects
- concourse-images: A collection of docker images for use in Concourse tasks.
- concourse-tasks: A very small collection of Concourse tasks :)
- concourse-sts-lambda: Lambda for managing temporary AWS credentials stored in Secrets Manager.
- concourse-github-lambda: Lambda for managing Github deploy keys.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent